Report - 22.us.findthewnd.xyz/feed/?link=true&tid=22&subid=488122.22&ref=go.redanemone.xyz&s1=63a4a6528e3ffb42ff54d805

Report Overview

Submitted URL
22.us.findthewnd.xyz/feed/?link=true&tid=22&subid=488122.22&ref=go.redanemone.xyz&s1=63a4a6528e3ffb42ff54d805
IP
23.235.251.114
ASN
#19437 SS-ASH
Submitted
2022-12-22 18:48:23
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606 B	127 B	34.218.168.248
t2.lowtid.com	unknown	2022-08-03T15:42:14Z	2023-03-09T11:02:33Z	518 B	294 B	51.161.115.163
ps.popcash.net	67692	2018-12-04T14:00:05Z	2023-03-09T07:42:57Z	815 B	606 B	52.20.154.189
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-09T12:17:45Z	449 B	2.1 kB	142.250.74.74
redir.blowingwind.xyz	unknown	2022-12-09T15:19:31Z	2023-03-09T04:01:03Z	488 B	702 B	198.211.113.186
popcash.net	11104	2012-10-10T15:08:00Z	2023-03-09T10:22:00Z	484 B	732 B	172.67.194.203
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	1.7 kB	3.5 kB	142.250.74.131
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	3.4 kB	8.9 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333 B	391 B	34.117.237.239
ron.trffclb.com	unknown	2022-09-30T15:04:48Z	2023-03-09T14:11:42Z	1.7 kB	1.4 kB	51.83.143.92
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	56 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782 B	2.4 kB	35.241.9.150
22.us.findthewnd.xyz	unknown	2022-12-22T17:33:56Z	2023-01-21T01:19:53Z	440 B	248 B	23.235.251.114
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	341 B	797 B	93.184.220.29
heya.today	unknown	2022-03-16T08:32:31Z	2023-01-25T11:36:36Z	6.3 kB	849 kB	99.192.224.70
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-09T13:40:16Z	378 B	77 kB	142.250.74.168
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-09T10:01:47Z	474 B	17 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-22	medium	trffclb.com	Sinkholed
2022-12-22	medium	trffclb.com	Sinkholed
2022-12-22	medium	trffclb.com	Sinkholed

JavaScript (6)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-TBR6YBVH1L	218 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-TBR6YBVH1L IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:01:03 Last Seen2023-03-10 04:01:03 Times Seen1 Hash bd4e21a0438cb272437af1cf3432f310 3d6f1fe5665cb7936e91f1e8e964d8edb691fcf7 05bbcd2c04de7457fb9ac1449aafbda58ee19e47452df0fddf17a85f1c0b3272 Loading...

	heya.today/1	159 B	2023-03-07	2023-03-12
Pretty URL heya.today/1 IP 99.192.224.70 ASN #27589 MOJOHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:40 Last Seen2023-03-12 07:08:05 Times Seen1 Hash 0cf3e4c1ed4ed6f1e2751be0127256d1 a8fb9e5b61285e0e8cc66b05c41b112f574cc7e1 030dbe28e57cf8bb5a43b847975bb7894871979b475d3bc1e4c450b0c2acb820 Loading...

	ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22	288 B	2023-03-07	2023-04-02
Pretty URL ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22 IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash 39b0d0273a1fb864d830216dd7c2e357 dc5db9208682c1f704ac3f47978f9667c1371fb5 6e15d354cc231f333118b1508b21ece489e38854d556fa95d1e0cd222a8ea570 Loading...

	ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22	243 B	2023-03-07	2023-04-02
Pretty URL ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22 IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash c5ece1e9d202b87cb431d3d96e5575b6 f6d83964155d7c1613c5708b3dd802cedd431061 f2bbcb4681e3c185c2ab19b1c09ce623d2d516dc49f32d3773e769ae0db74be4 Loading...

	ps.popcash.net/go/134600/317194	386 B	2023-03-10	2023-03-10
Pretty URL ps.popcash.net/go/134600/317194 IP 52.20.154.189 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:01:01 Last Seen2023-03-10 04:01:24 Times Seen1 Hash 4bf0b48ee76395181ef932592de4cbba 3579b0d6412d77b1e8c2d67b3ac97a37a976c196 3c4d7aabbcb4e9e89ca716c028f7078e22b346b1eab6f1ea7f74b432d5e7e8e0 Loading...

	heya.today/1	106 B	2023-03-07	2023-03-17
Pretty URL heya.today/1 IP 99.192.224.70 ASN #27589 MOJOHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:40 Last Seen2023-03-17 11:25:05 Times Seen1 Hash 2556c95010133641cd4a0ad04968c69c 58343ee1dde991b4b93183a67c05a1dda4e844c5 b782a85dc7b444d641441d72a362c5c8bb3ed6aa15c4403c1f544e2a3722d72d Loading...

HTTP Transactions (53)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b8fbcd7ca1a893d05677318a8a198e7a
0851654c21f6e3741887e7deab8098c1dc56f33c
edbade5913ace2fcbb932922e9af69acb2e8759474a2eeaec216307247fea361

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDBADE5913ACE2FCBB932922E9AF69ACB2E8759474A2EEAEC216307247FEA361"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4636
Expires: Thu, 22 Dec 2022 20:05:27 GMT
Date: Thu, 22 Dec 2022 18:48:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bbea1550fedd5eb9c265712fab75b137
2c2f981747898a380265f766345f2bb9c8c983fd
c728286e38c31a4d3f7a39702e0a5f69c14bf69e01a88bc4479714953fbda278

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C728286E38C31A4D3F7A39702E0A5F69C14BF69E01A88BC4479714953FBDA278"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2383
Expires: Thu, 22 Dec 2022 19:27:54 GMT
Date: Thu, 22 Dec 2022 18:48:11 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 22 Dec 2022 18:46:03 GMT
content-type: application/json
age: 129
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
32167242c3bbe7e45a2a865279df94a6
d03436f418ff77d50a553daa892c05e0725ba908
d5578d537296da18f3f349a98465e9fe930dca60a8ed62c183e9c9f6eb53f493

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5578D537296DA18F3F349A98465E9FE930DCA60A8ED62C183E9C9F6EB53F493"
Last-Modified: Wed, 21 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11244
Expires: Thu, 22 Dec 2022 21:55:36 GMT
Date: Thu, 22 Dec 2022 18:48:12 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: UEH5gEi45/FtLVGVC9kKnbHPQavXD8fIBs1PzVzZdmkL0o0p6atp2BosLFeKNK3jNPEsfkzCbbY=
x-amz-request-id: N83FSZEP6MHTRTSD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 22 Dec 2022 17:55:52 GMT
age: 3140
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 22 Dec 2022 18:48:12 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 22 Dec 2022 18:08:02 GMT
age: 2410
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

22.us.findthewnd.xyz/feed/?link=true&tid=22&subid=488122.22&ref=go.redanemone.xyz&s1=63a4a6528e3ffb42ff54d805

23.235.251.114

301 Moved Permanently

0 B

URL HTTP/1.1
22.us.findthewnd.xyz/feed/?link=true&tid=22&subid=488122.22&ref=go.redanemone.xyz&s1=63a4a6528e3ffb42ff54d805
IP
23.235.251.114:0
ASN
#19437 SS-ASH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /feed/?link=true&tid=22&subid=488122.22&ref=go.redanemone.xyz&s1=63a4a6528e3ffb42ff54d805 HTTP/1.1
Host: 22.us.findthewnd.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.blowingwind.xyz/click/invalid/?tid=22&subid=488122.22
Date: Thu, 22 Dec 2022 18:48:12 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
70a7b165f99b2b8fa0dc98318a7158d7
4d924f7febab9c8fe3fe9199e8879fd6ad892575
c5e0e414c34f2f328b487ae72b21a12a1b50d952aa1a31fb6314b4e700d27e05

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5705
Cache-Control: max-age=143623
Content-Type: application/ocsp-response
Date: Thu, 22 Dec 2022 18:48:12 GMT
Etag: "63a41e2a-1d7"
Expires: Sat, 24 Dec 2022 10:41:55 GMT
Last-Modified: Thu, 22 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0318c363ad1e6c3f034840f0986b8ce7
91d82816a1c45fa1b6e130d9714db34e775ad33f
8f356de491f6c806b5992fa2935e3d8207afa397ad3b3cf0e61e02d64a3a0703

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F356DE491F6C806B5992FA2935E3D8207AFA397AD3B3CF0E61E02D64A3A0703"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7183
Expires: Thu, 22 Dec 2022 20:47:55 GMT
Date: Thu, 22 Dec 2022 18:48:12 GMT
Connection: keep-alive

redir.blowingwind.xyz/click/invalid/?tid=22&subid=488122.22

198.211.113.186

302 Found

262 B

URL HTTP/1.1
redir.blowingwind.xyz/click/invalid/?tid=22&subid=488122.22
IP
198.211.113.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
262 B (262 bytes)
Hash
745a160e42a000db4d7c38cb9012d4b0
507b8f4fbbbac0521e31cb6e14b332b05d095508
cde56fa800c81d842377118dfaeee5c052e8bd3f6e90b4430a71882c7380db8c

HTTP Headers

GET /click/invalid/?tid=22&subid=488122.22 HTTP/1.1
Host: redir.blowingwind.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://t2.lowtid.com/c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.488122.22&s3=22
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 262
Date: Thu, 22 Dec 2022 18:48:12 GMT
Connection: keep-alive
Keep-Alive: timeout=5

push.services.mozilla.com/

34.218.168.248

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.218.168.248:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: T//F+9MsB2VQzOc0yXYIYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3upCyGEN15fLgMXs49LGwH9Ej6I=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
968f8e05967959305e34bbb087c47040
b47418add025dcd0cbbf41d477ac34a9585b0835
1c5f0846fe53c446c513452f90203c067e9d3943898c180f6d303ff5da85746a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C5F0846FE53C446C513452F90203C067E9D3943898C180F6D303FF5DA85746A"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20226
Expires: Fri, 23 Dec 2022 00:25:19 GMT
Date: Thu, 22 Dec 2022 18:48:13 GMT
Connection: keep-alive

t2.lowtid.com/c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.488122.22&s3=22

51.161.115.163

302 Found

0 B

URL HTTP/1.1
t2.lowtid.com/c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.488122.22&s3=22
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.php?p=c:9qopki6xxv00_xcj_&d=63a476059667022f656af908&s=22.488122.22&s3=22 HTTP/1.1
Host: t2.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 22 Dec 2022 18:48:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: 2er
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e1eb7216f206fc210e62ad86dd5c0859
c2c4d92b3d9b553beb7768247f8efe35f4a77b9f
043845a0cdc138eaf54611aa2c2b7aff9a0b3d79e74c1ebb693c10beca60af1f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "043845A0CDC138EAF54611AA2C2B7AFF9A0B3D79E74C1EBB693C10BECA60AF1F"
Last-Modified: Thu, 22 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8316
Expires: Thu, 22 Dec 2022 21:06:49 GMT
Date: Thu, 22 Dec 2022 18:48:13 GMT
Connection: keep-alive

ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22

51.83.143.92

200 OK

498 B

URL HTTP/1.1
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (546)
Size
498 B (498 bytes)
Hash
96a2b882c1f591e5149753e12a7d8f8f
0ee2d4648b98eca5133c9c61e6f5bdc70421a332
ae0fc356a26feda69a2820123e4fdd40ee3da7467a68bb3f12502735f08a0367

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Dec 2022 18:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63a4a66d0ef41922c659aa1f; expires=Sun, 25-Dec-2022 18:48:13 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip

ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22&bv=1

51.83.143.92

302 Found

0 B

URL HTTP/1.1
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22&bv=1
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22
Cookie: bt-603611c5b7eaf46891533240=63a4a66d0ef41922c659aa1f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 22 Dec 2022 18:48:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194

popcash.net/world/go/134600/317194

172.67.194.203

301 Moved Permanently

162 B

URL HTTP/2
popcash.net/world/go/134600/317194
IP
172.67.194.203:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Thu, 22 Dec 2022 18:48:13 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKjUNaSFt04YmBIHhOULzdE2Ts%2FpFrSft24aVfkipwlcFpmR8iYvYUQKIeCgbZvNeTyUxXsv498aD9iTd9S750XI3vyjeK0XTuoqHPQvsAFBSD09NQZTHTP5YyBZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77db07cd7ae51bfe-OSL
X-Firefox-Spdy: h2

ron.trffclb.com/favicon.ico

51.83.143.92

200 OK

20 B

URL HTTP/1.1
ron.trffclb.com/favicon.ico
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_22.488122.22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Dec 2022 18:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ps.popcash.net/go/134600/317194

52.20.154.189

200 OK

269 B

URL HTTP/1.1
ps.popcash.net/go/134600/317194
IP
52.20.154.189:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text
Size
269 B (269 bytes)
Hash
cead441f117a0f152efc58f776b94114
d5dae788d9d21b0af385a95c9712b9ee5da2febc
ea15c781935d8de7f0bd530036564977e892ead13829a2331cecd13f8eb951f9

HTTP Headers

GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 22 Dec 2022 18:48:13 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 269
Connection: keep-alive

ps.popcash.net/ad/ad?p=134600&w=317194&t=3d71987ce30d7fdc&r=&vw=1280&vh=0

52.20.154.189

303 See Other

0 B

URL HTTP/1.1
ps.popcash.net/ad/ad?p=134600&w=317194&t=3d71987ce30d7fdc&r=&vw=1280&vh=0
IP
52.20.154.189:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ad/ad?p=134600&w=317194&t=3d71987ce30d7fdc&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1

HTTP/1.1 303 See Other
Date: Thu, 22 Dec 2022 18:48:14 GMT
Location: https://heya.today/1
Server: nginx
Content-Length: 0
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14780
Expires: Thu, 22 Dec 2022 22:54:34 GMT
Date: Thu, 22 Dec 2022 18:48:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14780
Expires: Thu, 22 Dec 2022 22:54:34 GMT
Date: Thu, 22 Dec 2022 18:48:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14780
Expires: Thu, 22 Dec 2022 22:54:34 GMT
Date: Thu, 22 Dec 2022 18:48:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14780
Expires: Thu, 22 Dec 2022 22:54:34 GMT
Date: Thu, 22 Dec 2022 18:48:14 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe214af9e-bbea-4c56-8594-6c13fa8e8658.jpeg

34.120.237.76

200 OK

4.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe214af9e-bbea-4c56-8594-6c13fa8e8658.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.1 kB (4081 bytes)
Hash
f10f083831869d290396d5b9066449fb
9752d6ec06f3e55ae86d60d27911d8c82ff4a9c4
4a0a255f740bce3f6515b37dba1c94dfd7869088e1a2043a8ea5b3790de1fb4d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe214af9e-bbea-4c56-8594-6c13fa8e8658.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4081
x-amzn-requestid: b589c193-565b-4069-83f9-47cceac1c56d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dhCNkGykoAMF0Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a37d89-74877b0e74988a776c55561f;Sampled=0
x-amzn-remapped-date: Wed, 21 Dec 2022 21:41:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bAdhstYbD52w6YX3KsTt8q5nRiBJBkafqewhDw6Yj5GYmEi-ZskoXA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 21:53:54 GMT
etag: "9752d6ec06f3e55ae86d60d27911d8c82ff4a9c4"
content-type: image/jpeg
age: 75260
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c1a3c98-ff73-4c90-ad24-b2223ae207cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7763 bytes)
Hash
181fbb7e44b44baa067e51cdc7f4d4e2
7f0c20921a04f92e79393ea10c85db9460f9d165
1cd612257cd0388e48cc855a4c03b6b167da3bd60afd6b4a41d9c6a7922efdbd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c1a3c98-ff73-4c90-ad24-b2223ae207cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7763
x-amzn-requestid: 298c4f10-c248-43a4-878e-8f119819bdc8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dhBhLFy8IAMFtMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a37c6d-30fed0cc51ee789b0f7e6fcc;Sampled=0
x-amzn-remapped-date: Wed, 21 Dec 2022 21:36:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FPDMLeqIyF7sWEC8EvII3yLGjbrOrk4HGVqEiBIgrI7VfP8jWrSbjA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 21:55:00 GMT
age: 75194
etag: "7f0c20921a04f92e79393ea10c85db9460f9d165"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9044 bytes)
Hash
8f5b2e482a0944dfc0de3a69659fa002
64dd897d9163a6eceadc0c5460cdd135d323abb3
feb1a63a27859b88257d50c3c8723131978fd1f363a6f9e1297b91549b4aed9d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 981a0010-ec53-4659-818b-4cfa39fa8cd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbuhqGUbIAMF_QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15e0a-65b084547c4d2b4414236f84;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 07:02:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: zpD7jJPul0neScrR95OWNsTN3c6KmzlKaXfe1a0-pEv8sG1Z4BzSuQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Dec 2022 07:08:19 GMT
age: 41995
etag: "64dd897d9163a6eceadc0c5460cdd135d323abb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fe4d96f-b35a-4cc6-9fe3-c52ed693df34.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11471 bytes)
Hash
5dd6622433d537fbb91a04bd3b57d873
552f216608b819b4f65f0574e421f4a761f0d721
5e9b03133d928378a775ab52ec6e58cd7753aa2975a4966534353c0d6bc46af5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fe4d96f-b35a-4cc6-9fe3-c52ed693df34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11471
x-amzn-requestid: 20d9459a-710b-4fcf-bfce-9f0c5f513740
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbNEqGPnoAMFcDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a12884-4a93ab9047181db109d328e2;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 03:14:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: qFwWS-f0U1hSbrFFgBiGNzXRvZyvR90n_MI7jfYfWsyv2W6jH8D-9w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Dec 2022 03:23:59 GMT
age: 55455
etag: "552f216608b819b4f65f0574e421f4a761f0d721"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F65e2add8-ea05-4111-9858-24c4f0d437a5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8433 bytes)
Hash
1aa2fe21cd79bf1faaac0272119678d0
d23357441546e2f09f28f23407c81a52c01b9a22
ea050bbd73c13bcbac664baa5ae51a92277e1b1d1b8e7b0a4e18b46b4d20f3e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F65e2add8-ea05-4111-9858-24c4f0d437a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8433
x-amzn-requestid: 4fed41bb-f868-49cd-820a-2dadcd2baace
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabuOHIBIAMF04w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d98e-46ab81065bf0f6d157b16b13;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: guDXekCSbwPS-EwHHTdEyLjAI0KW3nrOMs3X80AE2TBrL1TsICefPg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 22:09:35 GMT
age: 74319
etag: "d23357441546e2f09f28f23407c81a52c01b9a22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1aefd95-d51b-4642-ab89-11a7030455cf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8860 bytes)
Hash
cd72f58a8fdce6925df77081a95c951b
625acc5e8257f47f745fd5a1b5d43d10f2df0d81
20f5fcc7bd72d44b0fff58e12b4ab025082e55e2d86e2bd48d740f091b84a86a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1aefd95-d51b-4642-ab89-11a7030455cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8860
x-amzn-requestid: 07acc052-7112-4844-8b9b-07ae6d36bde9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dfBrAGUTIAMFzrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a2afdf-5152438d378586f94911a722;Sampled=0
x-amzn-remapped-date: Wed, 21 Dec 2022 07:03:59 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 42te3BPiP1bi8_OjGDaCyB2CmgiKE3K1eRiHM5v0q-LDImFrapUAfA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Dec 2022 07:14:17 GMT
age: 41637
etag: "625acc5e8257f47f745fd5a1b5d43d10f2df0d81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

heya.today/1

99.192.224.70

200 OK

4.2 kB

URL HTTP/2
heya.today/1
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
4.2 kB (4152 bytes)
Hash
64133cd413c45220b1414f0b9c55ae31
86867038578aea823b9d5e648743af67aabaaffa
9ffa1d3902371c8939b031cbc966b4d9a784bb5d0bfed6aa3246ed6ed592b908

HTTP Headers

GET /1 HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/html;charset=UTF-8
content-length: 4152
set-cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48; Path=/; HttpOnly
content-language: en-US
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a677501b4490b3352220a1d60a3b88bf
9a5339c0bd6f3e1ae8af0116362efb71426807fc
4dea04acde2396c347e04123c6f97d0efc70695facc6a615a731b6dee801be18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Dec 2022 18:48:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d30907d8b4e8f5c7644a5f3ade244746
b4897a3b75cde46af816f8edf2ad1238739c15cf
054586891a1e335abf433826d90fae3f561874d3ae9bf27587d5706d34d1d3af

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Dec 2022 18:48:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-TBR6YBVH1L

142.250.74.168

200 OK

76 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-TBR6YBVH1L
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (20080)
Size
76 kB (76264 bytes)
Hash
47d9b947161e74475253f242313dd2c9
ad726e3db53688de6abb9ea913917a5c2ba9b148
636ae91b55fb6d4b5f5c30283c894140dc62648434780ef8845fbfef7e5c69e2

HTTP Headers

GET /gtag/js?id=G-TBR6YBVH1L HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 Dec 2022 18:48:14 GMT
expires: Thu, 22 Dec 2022 18:48:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76264
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap

142.250.74.74

200 OK

1.3 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
data
Size
1.3 kB (1309 bytes)
Hash
4b4cc487dea0fad4093e1f9e3f92c8f7
259488d83cee24bc6918143def406be8876e9148
228a7b90b4021199df9b229a9977794a6a4fdb6f63aa6eeb8d7bf42f50b83b7d

HTTP Headers

GET /css2?family=Roboto+Slab:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 22 Dec 2022 18:48:14 GMT
date: Thu, 22 Dec 2022 18:48:14 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d30907d8b4e8f5c7644a5f3ade244746
b4897a3b75cde46af816f8edf2ad1238739c15cf
054586891a1e335abf433826d90fae3f561874d3ae9bf27587d5706d34d1d3af

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Dec 2022 18:48:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

heya.today/css/bootstrap.css

99.192.224.70

200 OK

205 kB

URL HTTP/2
heya.today/css/bootstrap.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
Unicode text, UTF-8 text, with very long lines (560)
Size
205 kB (205441 bytes)
Hash
47ead5232ecce925ff97159a5d9400ce
61b3253b90243e7c3404cd4611a8ca8273fa0aed
a196593b8853cd30d78042af317f3eb0ef9c4d26e8bafa3ac8b9ff1a944107a2

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 205441
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/css/magnific-popup.css

99.192.224.70

200 OK

7.3 kB

URL HTTP/2
heya.today/css/magnific-popup.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
7.3 kB (7332 bytes)
Hash
bd3439ab2014971767f1de6ee61ebb84
67d6917ff6d4734f668f023e46765494b990bca1
7a53eeb87a94ddde169539c9ab0e20eb49ea9e59cad50406302b0538b03d3a32

HTTP Headers

GET /css/magnific-popup.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 7332
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/css/dark.css

99.192.224.70

200 OK

49 kB

URL HTTP/2
heya.today/css/dark.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
49 kB (48770 bytes)
Hash
14db029ff0061c8731c9fab007802c34
80f12ee25f9cce1e9ec66d88506621802f08780e
df94a7c9445b6c4e56eee884c779428e6c90995e404d3b08fffd647fa3e95330

HTTP Headers

GET /css/dark.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 48770
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/css/animate.css

99.192.224.70

200 OK

90 kB

URL HTTP/2
heya.today/css/animate.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
90 kB (89704 bytes)
Hash
88c24e437ebcc966247369463639c90a
4d1181a77fc2319c664096176886c1f4c91b43f6
a950859f0d8002e2647b7b8fc4498ba36f72489619ca84a5d0229656019be05c

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 89704
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/css/custom.css

99.192.224.70

200 OK

268 B

URL HTTP/2
heya.today/css/custom.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
268 B (268 bytes)
Hash
04cf7e63dc1e98251e56a027b09e160f
f6134124b935956d99bf8db3cdc44bc8d793a8fc
98cd464f3960ef6f6279c2b10115c065c735ff59dfb9236018fbc41c37219f2f

HTTP Headers

GET /css/custom.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 268
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/demos/news/css/fonts.css

99.192.224.70

200 OK

1.0 kB

URL HTTP/2
heya.today/demos/news/css/fonts.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
1.0 kB (1049 bytes)
Hash
53c3ec2a1f9e3f2427f1ed90daff8576
7906476e0fb913e9fc284c6267d28eb3727f38c8
c439e78fb3ec09c5c554bbcd38bee96c89505af3c677add82ccb6c459ec852b5

HTTP Headers

GET /demos/news/css/fonts.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 1049
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/css/colors.php?color=FF8600

99.192.224.70

200 OK

9.4 kB

URL HTTP/2
heya.today/css/colors.php?color=FF8600
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
PHP script, ASCII text
Size
9.4 kB (9395 bytes)
Hash
a712949e3c4d63017cccacc550e7dcb0
d8f19ec9f608cec38911e3a0ff3ce27a442b1aef
4b69bb9b3d39ca2f61c6aae034ca20ede1f4834f387926377e01b01ee412c63e

HTTP Headers

GET /css/colors.php?color=FF8600 HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: application/octet-stream
content-length: 9395
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/demos/news/news.css

99.192.224.70

200 OK

13 kB

URL HTTP/2
heya.today/demos/news/news.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
13 kB (13276 bytes)
Hash
6cc6f11776e5a90ab2e07bd4cd2415cf
b2aeefe3ebd08797bd16f6444281ab6f862eb878
b2782cea1456ffbf1b342a8937180c77aa5c3d82833e3a9b52b692800c5da8fb

HTTP Headers

GET /demos/news/news.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 13276
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/css/font-icons.css

99.192.224.70

200 OK

123 kB

URL HTTP/2
heya.today/css/font-icons.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
123 kB (122677 bytes)
Hash
da4e62e317f47bcacfbf448c338ee382
92fadeb976e7e8154575500792e6ae8236faf108
489281a64c3c7821929eac74ad520f46edced4f81d5719fbcae7579c6be9dfe4

HTTP Headers

GET /css/font-icons.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 122677
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/img/icon.png

99.192.224.70

200 OK

68 B

URL HTTP/2
heya.today/img/icon.png
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
24693e546434dd0fd40707a301106d3e
91d4073d16df6cfdb5bd6d8950bb3154f1438960
d39cae93ecafb8d8e55d5df425af460a4cba9def94c8811ac4bd5ce6d48adb37

HTTP Headers

GET /img/icon.png HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: image/png
content-length: 68
last-modified: Tue, 09 Mar 2021 08:04:05 GMT
etag: "60472bf5-44"
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/demos/HEYA.png

99.192.224.70

200 OK

9.1 kB

URL HTTP/2
heya.today/demos/HEYA.png
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
PNG image data, 184 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
9.1 kB (9091 bytes)
Hash
63f948b459405a765027d42d1fdedaf2
f00ff4a8057e0e4148ba37d0bfaf2c1b4a3e93ca
7c79b0d224fba16a7108b3144784f8592220c2d9f4633c372a6b3fe892857071

HTTP Headers

GET /demos/HEYA.png HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: image/png
content-length: 9091
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

heya.today/style.css

99.192.224.70

200 OK

334 kB

URL HTTP/2
heya.today/style.css
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
ASCII text
Size
334 kB (333681 bytes)
Hash
cf2f8d1244d826c88a15c8b2b35c42f7
e78cdd51b1b32db2c7bcf7ebe58637d861011e1b
7c21f9fb759c0bb25819f7a6e0bda38d22fd9a02ef6df4bd7ee8ff4a24df0881

HTTP Headers

GET /style.css HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:14 GMT
content-type: text/css
content-length: 333681
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 13:56:24 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
262ab960b9c7a7e0406e5a7aec04fe55
6d2022c15425b88acc2d29415f678750c71f38ed
7d2818b8e8e70b0f9ceddb23c6a87d22733f11b09596c618ef8b3dfda4f122cc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Dec 2022 18:48:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heya.today
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 19:33:54 GMT
expires: Thu, 21 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 83661
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
262ab960b9c7a7e0406e5a7aec04fe55
6d2022c15425b88acc2d29415f678750c71f38ed
7d2818b8e8e70b0f9ceddb23c6a87d22733f11b09596c618ef8b3dfda4f122cc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Dec 2022 18:48:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

heya.today/favicon.ico

99.192.224.70

404 Not Found

100 B

URL HTTP/2
heya.today/favicon.ico
IP
99.192.224.70:0
ASN
#27589 MOJOHOST

File type
JSON data\012- , ASCII text, with no line terminators
Size
100 B (100 bytes)
Hash
dbd62112efccec34698ff2de5b5abf04
7782af726e96ca3fbfd795007b2425c34cf4340e
faca78a236a6ef6f3935af30b2a22bc3d7f1e7892a61de05ce1400d84355fb27

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: heya.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heya.today/1
Cookie: JSESSIONID=2A3764A762A6977A9E2F5046F4B8CB48; _ga_TBR6YBVH1L=GS1.1.1671734894.1.0.1671734894.0.0.0; _ga=GA1.1.181017328.1671734895
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.20.1
date: Thu, 22 Dec 2022 18:48:15 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (53)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size